General

  • Target

    R D X E 6 5.rar

  • Size

    10.7MB

  • Sample

    240803-jmrvjaxapj

  • MD5

    bf488a28c0aa529bf8ff779b673d58fb

  • SHA1

    687f8e7164f642d746a7c7b7dd5c1c70d1e1453c

  • SHA256

    f29f8a8d5cf10644a4fecee5eefacfdad688b0b96540cd68ea4ae7058bfe327b

  • SHA512

    3c02bd2718eaf58c7cd70c6cebf1c797a5cab5a684918eaa5068e836897c5ef4091f3dca1badb1bb86557a8ad103b1de39b5e19efd60029baf67f13244e0c542

  • SSDEEP

    196608:qfMWCbdJFQ4G78fFZ0sqBCaSqLHjgIoX8ExcBjP3hIksFQQdO5:hWCJfBFZ0sCd4IoMecV/hHsOQc
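Two things a practitioner usually does with the indicators above: match files against the listed hashes, and look at the SSDEEP digest of the 150 MB executable, whose first chunk hash is almost entirely a repeated "kf" unit. A near-constant chunk hash means ssdeep kept seeing identical content, which together with the file size is consistent with binary padding (ATT&CK T1027.001, commonly used to push a file past scanner or sandbox upload limits). The script below is an added example, not part of the sandbox report; the hash and ssdeep values are copied from the report, the `looks_padded` threshold of 0.8 is an arbitrary choice, and the repetition check is a heuristic over the digest string, not the ssdeep library's own comparison.

```python
import hashlib
import re
from typing import Dict, Optional, Tuple

# Indicators copied from the report above.
IOC_SHA256: Dict[str, str] = {
    "f29f8a8d5cf10644a4fecee5eefacfdad688b0b96540cd68ea4ae7058bfe327b": "R D X E 6 5.rar",
    "f9aae2ca83d60ae3a6e443d23c91672cda766f73003e4f3f0f99eec1f336d946": "R D X E 6 5/Client.config",
    "6f5d9fc697149670937135f56c7201bc59fcc535b6af45924b7b387fa0ce2a9d": "R D X E 6 5/Roblox Executor.exe",
}
SSDEEP: Dict[str, str] = {
    "R D X E 6 5.rar": "196608:qfMWCbdJFQ4G78fFZ0sqBCaSqLHjgIoX8ExcBjP3hIksFQQdO5:hWCJfBFZ0sCd4IoMecV/hHsOQc",
    "R D X E 6 5/Client.config": "786432:BeCve2OlHAoFfgrh96BKMZvBx9ImCrWFi6:BejjlHAopI9xABx9ErWFi6",
    "R D X E 6 5/Roblox Executor.exe": "196608:5kfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfT:4",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lookup_sha256(digest: str) -> Optional[str]:
    """Name of the report artefact with this SHA-256, or None if it is not an IOC."""
    return IOC_SHA256.get(digest.lower())


def parse_ssdeep(digest: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunkhash:doublechunkhash' into its three parts."""
    block, h1, h2 = digest.split(":")
    return int(block), h1, h2


def repetition_ratio(chunk_hash: str) -> float:
    """Fraction of the chunk hash covered by the longest run of a short (1-4 char)
    unit repeated four or more times. Random-looking digests score 0.0."""
    runs = re.finditer(r"(.{1,4}?)\1{3,}", chunk_hash)
    longest = max((len(m.group(0)) for m in runs), default=0)
    return longest / len(chunk_hash) if chunk_hash else 0.0


def looks_padded(digest: str, threshold: float = 0.8) -> bool:
    """Heuristic: a chunk hash dominated by one repeating unit points at a file
    that is mostly repeated bytes, i.e. padding. Threshold is an arbitrary choice."""
    _, h1, _ = parse_ssdeep(digest)
    return repetition_ratio(h1) >= threshold


if __name__ == "__main__":
    for name, digest in SSDEEP.items():
        block, h1, _ = parse_ssdeep(digest)
        print(f"{name}: blocksize={block} repetition={repetition_ratio(h1):.2f} "
              f"padded={looks_padded(digest)}")
    # Constructed input, not the sample: demonstrates a non-matching file.
    print(lookup_sha256(sha256_hex(b"constructed, not the sample")))
```

Only the executable trips the padding heuristic; the archive and Client.config digests have no repeated unit at all. Treat a hit as a reason to strip the padding and re-hash the payload rather than as a verdict on its own.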

Malware Config

Targets

    • Target

      R D X E 6 5.rar

    • Size

      10.7MB

    • MD5

      bf488a28c0aa529bf8ff779b673d58fb

    • SHA1

      687f8e7164f642d746a7c7b7dd5c1c70d1e1453c

    • SHA256

      f29f8a8d5cf10644a4fecee5eefacfdad688b0b96540cd68ea4ae7058bfe327b

    • SHA512

      3c02bd2718eaf58c7cd70c6cebf1c797a5cab5a684918eaa5068e836897c5ef4091f3dca1badb1bb86557a8ad103b1de39b5e19efd60029baf67f13244e0c542

    • SSDEEP

      196608:qfMWCbdJFQ4G78fFZ0sqBCaSqLHjgIoX8ExcBjP3hIksFQQdO5:hWCJfBFZ0sCd4IoMecV/hHsOQc

    Score
    3/10
    • Target

      R D X E 6 5/Client.config

    • Size

      33.0MB

    • MD5

      157bca5bfbab154797fbbe947946084f

    • SHA1

      280096391abd2ea592198d205b6e44cdd2408121

    • SHA256

      f9aae2ca83d60ae3a6e443d23c91672cda766f73003e4f3f0f99eec1f336d946

    • SHA512

      5fbbaa59d4425779ecae554372a476414a60b70fe190ca408a0505b13064866d1576e6409e657d2933cd5922a053aacdf7c01b457b3385476dabfe1c46b5c1da

    • SSDEEP

      786432:BeCve2OlHAoFfgrh96BKMZvBx9ImCrWFi6:BejjlHAopI9xABx9ErWFi6

    Score
    1/10
    • Target

      R D X E 6 5/Roblox Executor.exe

    • Size

      150.0MB

    • MD5

      2deeebca12a7ad34853fdcd49c37dce6

    • SHA1

      31b89e4dba3453b6d5586c31a38dea21ffbb8980

    • SHA256

      6f5d9fc697149670937135f56c7201bc59fcc535b6af45924b7b387fa0ce2a9d

    • SHA512

      6826aa344d3a3c6776d43912518ef350c97ac6cd4a5817562e436daebf399f2e7ea25ce36ade106915864b375a8c87377753c87f344717405902f50ad7685e6a

    • SSDEEP

      196608:5kfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfkfT:4

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created through NtCreateUserProcess with a parent other than the calling process (parent PID spoofing).

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist
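The behaviours listed for Roblox Executor.exe (dropping and executing an EXE, reading the Uninstall registry key, spawning tasklist, reading browser credential stores, touching wallet files) are individually common but rarely co-occur in one benign process. The script below is an added example, not part of the report or the sandbox's own signature engine: it replays constructed events in a simplified Sysmon/EDR-style schema and attaches the report's signature names to each process. The events, paths and PIDs are made up for illustration; the "file_access" event type assumes an EDR that records file reads, since Sysmon itself only logs file creation (event ID 11). The path patterns and the browser allow-list are the author's assumptions, not the sandbox's rules.

```python
import re
from typing import Dict, List, Set

# Constructed events, not the sandbox run's real telemetry.
EVENTS: List[dict] = [
    {"type": "process_create", "pid": 4120, "ppid": 3008,
     "image": r"C:\Users\alice\Desktop\R D X E 6 5\Roblox Executor.exe"},
    {"type": "file_create", "pid": 4120,
     "path": r"C:\Users\alice\AppData\Local\Temp\svc_update.exe"},
    {"type": "process_create", "pid": 4188, "ppid": 4120,
     "image": r"C:\Users\alice\AppData\Local\Temp\svc_update.exe"},
    {"type": "registry_read", "pid": 4188,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "process_create", "pid": 4201, "ppid": 4188,
     "image": r"C:\Windows\System32\tasklist.exe"},
    {"type": "file_access", "pid": 4188,
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_access", "pid": 4188,
     "path": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    # Benign noise: the browser reading its own credential store must not fire.
    {"type": "process_create", "pid": 5000, "ppid": 3008,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"type": "file_access", "pid": 5000,
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

# Assumed patterns for the stores and keys the report's signatures refer to.
BROWSER_STORE = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
WALLET_PATH = re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin)\\|\\wallet\.dat$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events: List[dict]) -> Dict[int, dict]:
    """Replay events in order; return pid -> {"image", "hits"} with report-style signature names."""
    procs: Dict[int, dict] = {}
    dropped: Set[str] = set()  # lower-cased paths written during the replay
    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "process_create":
            procs[pid] = {"image": ev["image"], "hits": set()}
            parent = procs.get(ev["ppid"])
            if parent is not None:
                # The dropper gets credit for running what it wrote, as the report attributes it.
                if ev["image"].lower() in dropped:
                    parent["hits"].add("Executes dropped EXE")
                if basename(ev["image"]) == "tasklist.exe":
                    parent["hits"].add("Enumerates processes with tasklist")
            continue
        proc = procs.setdefault(pid, {"image": "<unknown>", "hits": set()})
        if kind == "file_create":
            dropped.add(ev["path"].lower())
        elif kind == "registry_read" and UNINSTALL_KEY.search(ev["key"]):
            proc["hits"].add("Checks installed software")
        elif kind == "file_access":
            path = ev["path"]
            # A browser reading its own profile is normal; anything else reading it is not.
            if BROWSER_STORE.search(path) and basename(proc["image"]) not in BROWSER_IMAGES:
                proc["hits"].add("Reads user/profile data of web browsers")
            if WALLET_PATH.search(path):
                proc["hits"].add("Accesses cryptocurrency files/wallets")
    return procs


def flagged(procs: Dict[int, dict], min_hits: int = 3) -> List[int]:
    """PIDs whose combination of signatures resembles the infostealer pattern in the report."""
    return sorted(pid for pid, p in procs.items() if len(p["hits"]) >= min_hits)


if __name__ == "__main__":
    result = analyze(EVENTS)
    for pid in flagged(result):
        print(pid, result[pid]["image"], sorted(result[pid]["hits"]))
```

Only the dropped svc_update.exe reaches the threshold; the dropper itself carries a single hit and chrome.exe none. The threshold of three distinct signatures is an assumption for the example; in production the browser allow-list also needs a signed-image check, since an unsigned binary renamed chrome.exe would otherwise slip past the exclusion.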

MITRE ATT&CK Enterprise v15

Tasks